|"What's the Good Word?" None, in Personal Computer Security |
"What's the Good Word?" None, in Personal Computer Security
By Jim Garamone, American Forces Press Service.
Washington D.C. -- (AFPS) October 3, 2000 -- "What's your computer password?" the helpdesk person asked the young NCO.
"Just key in 'PASSWORD,'" the young NCO answered.
It's exchanges like this that give network administrators fits.
It's a cyberworld and protecting information is at the heart of the trust people put on information gleaned from computers. You wouldn't leave your wallet lying about or leave your car unlocked, but people -- often smart people -- leave their computers unsecured.
Air Force Master Sgt. Jeff Hoopes is the security manager for the Defense Information Systems Center here. He has a number of common sense precautions people should take to safeguard their computers. While his suggestions are aimed at home users, they can also be applied at the office.
Hoopes said people should avoid suspicious e-mail with attachments from anyone. "A virus can often come from a trusted source that was infected," he said. The "I love you" virus, for example, spread by attaching to e-mail addresses in users' personal address books.
Passwords are the first line of defense for computer users.
Hoopes said computer users should have a "strong" password that does not contain any word found in a dictionary or used in a normal conversation. He said reversing a word or name can still be easily cracked. "A strong password should also contain a mix of numbers, upper and lower-case letters and special characters with a minimum of seven characters," he said. "Ktr#i9Q" is an example of a strong password.
Don't tape your password up next to your machine, Hoopes said. And avoid using the same password for every site.
He advised users to install anti-virus software and apply vendor updates as they become available. Have your system scanned for viruses regularly. He said users should apply security patches to update their operating system and applications as needed. He suggested pointing your browser toward http://updates.zdnet.com/ will check your system and recommend updates.
"Never install software from unknown sources or trust freeware to protect your privacy," he said. The Symantec Corp. Web site at www.symantec.com offers a free security analyzer to check your system for "spyware," he said. Freeware often has built-in spyware code that allows advertisers to track where you go on the Internet. Some other code is far nosier, and possibly malicious.
Hoopes said people should test their connections to the Internet. He suggested users try the Web site http://grc.com/default.htm, which has a "Shields Up" application to check your personal computer. He said personal "firewalls" -- an electronic barricade -- also offer some protections and suggested interested people go to http://www.zonelabs.com/ for information.
He said people should use credit card information on the net wisely. "Only use secure sites," he said. Web browsers indicate secure sites with a lock icon and and "https://" preceding the Internet address, he said.
He said people who are still concerned about using their credit cards online might consider getting and using a credit card with a minimal credit line. Also, some credit cards will also promise "zero liability" for Internet fraud, he said.
He said everyone should minimize the personal information they share online. "You should always use nicknames or 'handles' to protect your identity on chat sites or bulletin boards," he said.
Finally, he said people should use encryption or other tools when transferring sensitive information over the Internet.
The current common encryption standard is called "128-bit SSL," for "secure sockets layer." The two major Web browsers, Microsoft Internet Explorer and Netscape Navigator, can both be configured with 128-bit SSL or upgraded to it. The previous 40-bit SSL standard found in older browser versions is no longer considered safe in the face of code-cracking hackers.
Hoopes said people who have questions about their office computer security should contact their network administrator or helpdesk.